package com.abc.tacos.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @author Kar
 * @create 2022-04-20 上午10:42
 */
// @Configuration
// @EnableWebSecurity
public class SecurityConfig_HttpBasic extends WebSecurityConfigurerAdapter {
    // 1、使用httpbasic认证的方式
    // 1） IF_REQUIRED策略
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic()//开启httpbasic认证
                .and()
                    .authorizeRequests()
                        .anyRequest()
                            .authenticated()
                // Make H2-Console non-secured; for debug purposes
                // tag::csrfIgnore[]
                .and()
                    .csrf()
                        .ignoringAntMatchers("/h2-console/**")
                // end::csrfIgnore[]
                // Allow pages to be loaded in frames from the same origin; needed for H2-Console
                // tag::frameOptionsSameOrigin[]
                .and()
                    .headers()
                        .frameOptions()
                            .sameOrigin();
                // end::frameOptionsSameOrigin[]
                ;//所有请求都需要登录认证才能访问
    }
}
